According to a concerning note posted today on Facebook’s blog, the site was faced with a significant security bug that potentially exposed the contact information and personal details of over six million users of their popular social network.
TechCrunch reports on the details:
A Facebook security bug exposed users’ personal contact information (email or phone number) to other users who were connected to them; the bug has affected 6 million accounts.
“When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations,” the security team wrote in a blog post published today.
“Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook,” the post continued. “As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection.”
A Facebook spokesperson tells me the bug has been live since last year, and was discovered last week. Facebook says the security team fixed the bug less than 24 hours after it was brought to their attention. The social giant says six million users had email addresses or phone numbers that were included in the downloads. […]
While Facebook insists that the bug has not been exploited by malicious parties, it’s nevertheless a matter of concern. It’d probably be a great idea to keep an eye on your email account to check for any unusual activity. Pretty sloppy work on the part of Facebook’s security team. For more details, check out the full report over at TechCrunch.
